Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Data Bridge › SecurityAssist › error with login form on homepage redirecting to https

error with login form on homepage redirecting to https

Thread began 10/12/2009 11:57 pm by jasonkline326722 | Last modified 10/13/2009 4:12 pm by Ray Borduin | 1602 views | 3 replies |

10/12/2009 11:57 pm | #1 jasonkline326722

error with login form on homepage redirecting to https

The login form on the homepage gets access denied everytime I attempt to change the code ""successRedirect" => "mainhome.php"," below for https access.

if($_SERVER["REQUEST_METHOD"] == "POST"){
$WA_Auth_Parameter = array(
"connection" => $NoWayJose,
"database" => $database_NoWayJose,
"tableName" => "NoWayJosetable",
"columns" => explode($WA_Auth_Separator,"User_Name".$WA_Auth_Separator."Password"),
"columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["username"]))?$_POST["username"]:"") ."".$WA_Auth_Separator."".((isset($_POST["userpassword"]))?$_POST["userpassword"]:"") .""),
"columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text"),
"sessionColumns" => explode($WA_Auth_Separator,"securekey".$WA_Auth_Separator."userLevel".$WA_Auth_Separator."User_Name"),
"sessionNames" => explode($WA_Auth_Separator,"securekey".$WA_Auth_Separator."userLevel".$WA_Auth_Separator."User_Name"),
"successRedirect" => "https://ssldomainhome.com/mainhome.php",
"failRedirect" => "accessdeny.php",
"gotoPreviousURL" => TRUE,
"keepQueryString" => TRUE
);

WA_AuthenticateUser($WA_Auth_Parameter);
}

This will only work is I first goto ssldomainhome.com then login from homepage.

10/13/2009 1:31 pm | #2 Ray BorduinWebAssist

Since https is for security on forms, you should really take them to the https version of the login page in the failed redirect or any links to the login page in the first place and not redirect to the https only upon success. Since at that point the login information itself is subject to lack of security.

Did this help? Tips are appreciated...

10/13/2009 3:15 pm | #3 jasonkline326722

Thank you the reply Ray.

OK I have done this already.

"successRedirect" => "https://ssldomainhome.com/mainhome.php",
"failRedirect" => "https://ssldomainhome.com/accessdeny.php",

I guess I have not explain the problem correctly.

With the code set like above, when I go to my homepage that has the login form embeded (www.ssldomainhome.com) and I login... I get access denied every time.

The only way to login successfully is to open my browser and point to homepage(ssldomainhome.com) and then I will login sucessfully.

Why is this happening and how do I fix this?

10/13/2009 4:12 pm | #4 Ray BorduinWebAssist

You can use a mod rewrite like this:

automatically-redirecting-to-the-www-prefix/

or use php like this:

scripts-php-script-htaccess-removing-www-or-adding-to-site-piotr-grd-t31345.0.html%3Bwap2=

Did this help? Tips are appreciated...

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.